{
    "componentChunkName": "component---src-templates-docs-js",
    "path": "/admin/21-graph-rebuild",
    "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.6.2 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"f9d673c1-644b-53f8-88af-3c38aa49ef98","title":"Rebuilding OpenIAM's in-memory authorization graph","slug":"/admin/21-graph-rebuild"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Rebuilding OpenIAM's in-memory authorization graph\",\n  \"metaTitle\": \"Rebuilding OpenIAM's in-memory authorization graph\",\n  \"metaDescription\": \"The document gives a step-by-step instructions for rebuilding OpenIAM's in-memory authorization graph\"\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"The \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Rebuild Graph\"), \" operation fully resets and reconstructs OpenIAM's in-memory authorization graph. The authorization graph is the data structure the system uses to answer every entitlement question \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"in real time\"), \": \\\"Is this user in this group?\\\", \\\"Does this user have access to this resource?\\\", etc.\"), mdx(\"p\", null, \"Triggering a rebuild causes the Authorization Manager service to:\"), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Drop the current graph entirely (all vertices and edges).\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Clear all associated caches (local + Redis).\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Re-fetch all authorization data from the relational database.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Rebuild the graph from scratch and repopulate the caches.\")), mdx(\"hr\", null), mdx(\"h2\", null, \"For end-users / System administrators\"), mdx(\"p\", null, \"There are several situation in which the graph rebuild function should be used, for example:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"After a database migration or direct DB modification.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"As s routine operation / scheduled maintenance. Here, the graph rebuilding is \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"optional\"), \" since the graph rebuilds automatically on first startup if the graph is empty.\")), mdx(\"p\", null, \"In normal day-to-day operations, the function is \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"not to be used\"), \" since the graph stays in sync automatically.\"), mdx(\"h3\", null, \"How to trigger?\"), mdx(\"p\", null, \"Send an HTTP GET request to the Authorization Manager REST endpoint:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"GET /authmanager/rebuildGraph\\n\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Example (curl):\")), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"curl -X GET http://<your-openiam-host>:9080/authmanager/rebuildGraph\\n\")), mdx(\"h3\", null, \"Expected behavior\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"The operation is \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"asynchronous\"), \" \\u2014 the API returns immediately; the actual rebuild happens in the background.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"The rebuild can take a \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"significant amount of time\"), \" depending on the size of your data (users, groups, roles, resources, organizations).\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"During the rebuild the Authorization Manager instance is \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"unavailable for authorization checks\"), \" until the process completes.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"If the rebuild fails for any reason, the service will \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"shut itself down\"), \" (to avoid serving stale/incorrect data). It will need to be restarted \\u2014 on restart the service checks whether the JanusGraph is empty; if it is, it triggers a rebuild automatically in a background thread.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Concurrent rebuild requests are safe: a Redis-distributed lock ensures only one rebuild runs at a time across all instances.\")), mdx(\"h3\", null, \"Monitoring progress\"), mdx(\"p\", null, \"Check the Authorization Manager service logs for entries like:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"[WARN]  Creating graph from current data.  This may take a long time...\\n[INFO]  Time to get all data from relational database: <N> ms\\n[INFO]  Done inserting <N> vertices into graph database...\\n[INFO]  Creation (or fail) of authorization objects in graph database took <N> ms\\n\")), mdx(\"p\", null, \"A successful completion produces the final timing log line. Any error will be logged at \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"ERROR\"), \" level.\"), mdx(\"hr\", null), mdx(\"h2\", null, \"For Developers\"), mdx(\"h3\", null, \"REST Entry Point\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Controller:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"AuthManagerRestController\"), \"\\n\", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"File:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"openiam-esb/src/main/java/org/openiam/esb/rest/AuthManagerRestController.java\")), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"GET /authmanager/rebuildGraph\\n\")), mdx(\"p\", null, \"Calls \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"authManagerMQService.refreshCache()\"), \" \\u2014 a fire-and-forget async message.\"), mdx(\"hr\", null), mdx(\"h3\", null, \"Full call chain\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"GET /authmanager/rebuildGraph\\n  \\u2502\\n  \\u25BC\\nAuthManagerRestController.rebuildGraph()\\n  \\u2502\\n  \\u25BC\\nAuthManagerMQServiceImpl.refreshCache()\\n  \\u2502  Sends async RabbitMQ message:\\n  \\u2502    API: AMManagerAPI.RefreshAMManager\\n  \\u2502    Payload: EmptyServiceRequest\\n  \\u2502    Exchange: AM_EXCHANGE  (virtual host: AM_HOST)\\n  \\u25BC\\nRabbitMQSenderImpl.sendAndReceive()\\n  \\u2502  Routes to the correct RequestServiceGateway by vhost\\n  \\u25BC\\nAMManagerQueueListener  (RabbitMQ consumer on AMManagerQueue)\\n  \\u2502  getEmptyRequestProcessor() \\u2192 case RefreshAMManager\\n  \\u25BC\\nAuthorizationManagerServiceImpl.rebuildGraph()\\n  \\u2502\\n  \\u251C\\u2500 graphOperations.deleteAllIndicies()        // drop all vertices from JanusGraph\\n  \\u251C\\u2500 remoteEntitlementsCache.delete(keys)       // clear Redis remote entitlements cache\\n  \\u2514\\u2500 synchronized(localEntitlementsCacheLock)\\n       \\u251C\\u2500 sweep()                               // the main rebuild (see below)\\n       \\u251C\\u2500 localEntitlementsCache.invalidateAll()\\n       \\u251C\\u2500 graphIdCacheSweeper.forceSweep()\\n       \\u251C\\u2500 entitlementsObjectsCacheSweeper.forceSweep()\\n       \\u2514\\u2500 edgeIdCacheSweeper.forceSweep()\\n\")), mdx(\"hr\", null), mdx(\"h3\", null, \"Graph rebuild detail\"), mdx(\"p\", null, \"The \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"sweep()\"), \" method steps are given below.\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"File:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"auth-manager/src/main/java/org/openiam/authmanager/service/impl/AuthorizationManagerServiceImpl.java\")), mdx(\"p\", null, \"This is where the actual graph is constructed. It runs under a Redis distributed lock (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GRAPH_BUILDER_LOCK_NAME\"), \", 10-second acquisition timeout).\"), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Acquire distributed lock\"), \" \\u2014 prevents concurrent rebuilds across multiple service instances.\")), mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Fetch relational data\"), \" (see \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"#sql-queries-used-during-rebuild\"\n  }, \"SQL Queries\"), \" below):\"), mdx(\"ul\", {\n    parentName: \"li\"\n  }, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"dataProvider.getModel(NonCachedEntitlementRequest)\"), \" \\u2014 loads all organizations, roles, groups, resources, and their membership relationships.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"dataProvider.getUsers()\"), \" \\u2014 loads all users.\"))), mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Build vertices\"), \" \\u2014 \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"buildVertex2OpeniamGraphTuple()\"), \" creates JanusGraph vertices for each entity type:\"), mdx(\"ul\", {\n    parentName: \"li\"\n  }, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Users\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Organizations\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Roles\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Groups\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Resources\"))), mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Persist graph IDs to relational DB\"), \" \\u2014 each vertex gets a graph ID that is written back to the RDBMS in batches (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"batchSize\"), \") inside a transaction (via \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"authManagerDAO.updateGraphId()\"), \").\")), mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Build edges\"), \" \\u2014 \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"addEdges()\"), \" creates directed edges in JanusGraph representing all membership and entitlement relationships (user\\u2192group, group\\u2192role, role\\u2192resource, etc.).\")), mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Refresh caches:\")), mdx(\"ul\", {\n    parentName: \"li\"\n  }, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"graphIdCacheSweeper.forceSweep()\")), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"entitlementsObjectsCacheSweeper.forceSweep()\")), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"edgeIdCacheSweeper.forceSweep()\")))), mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"On failure\"), \" \\u2014 all indices are dropped and \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"SpringApplication.exit()\"), \" is called with exit code 1. The service shuts down to avoid serving incorrect data.\"))), mdx(\"h4\", null, \"Error Handling\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Scenario\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Behaviour\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Lock not acquired within 10 s\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"sweep()\"), \" silently skips; error logged\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Any \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Throwable\"), \" during build\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All graph indices dropped; service exits with code 1\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Successful completion\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All caches refreshed; graph is live\")))), mdx(\"hr\", null), mdx(\"h3\", null, \"Startup behavior\"), mdx(\"p\", null, \"Does it always rebuild?\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"The graph is only rebuilt on startup if JanusGraph contains no vertices.\")), mdx(\"p\", null, \"This means:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"First deploy / fresh environment\"), \" \\u2014 graph is empty \\u2192 full rebuild runs automatically.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Normal restart\"), \" \\u2014 JanusGraph already has data \\u2192 rebuild is skipped; existing graph is used immediately.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"After a crash that called \", mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"SpringApplication.exit()\")), \" \\u2014 the crash first drops all indices, so on the next restart the graph is empty and rebuilds automatically.\")), mdx(\"p\", null, \"This also implies that if JanusGraph data is manually cleared outside of the application, the next service restart will trigger a full rebuild.\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Service:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"auth-manager\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"AuthorizationManagerServiceImpl\"), \")\\n\", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"File:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"auth-manager/src/main/java/org/openiam/authmanager/service/impl/AuthorizationManagerServiceImpl.java\")), mdx(\"p\", null, \"On startup, \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"@PostConstruct init()\"), \" runs the following check:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"if (isEmptyGraph()) {\\n    Executors.newSingleThreadExecutor().submit(() -> {\\n        sweep();   // full graph rebuild in a background thread\\n    });\\n} else {\\n    log.info(\\\"Graph not empty - not populating.  Found at least one vertex\\\");\\n}\\n\")), mdx(\"hr\", null), mdx(\"h3\", null, \"SQL queries used during rebuild\"), mdx(\"p\", null, \"All queries are issued by \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"JdbcMembershipDAO\"), \" and \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"JDBCAccessRightDAO\"), \" (both in \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"openiam-common-boot-module\"), \"). The \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"{schema}\"), \" prefix is a configurable table-name prefix (empty by default).\"), mdx(\"h4\", null, \"Entity queries\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"-- Users\\nSELECT USER_ID AS ID, GRAPH_ID FROM {schema}USERS\\n\\n-- Resources\\nSELECT GRAPH_ID, RESOURCE_ID AS ID, NAME, DESCRIPTION, RESOURCE_TYPE_ID,\\n       RISK, COORELATED_NAME, IS_PUBLIC, TYPE_ID\\nFROM {schema}RES\\n\\n-- Groups\\nSELECT GRAPH_ID, GRP_ID AS ID, GRP_NAME AS NAME, GROUP_DESC AS DESCRIPTION,\\n       STATUS, MANAGED_SYS_ID, TYPE_ID\\nFROM {schema}GRP\\n\\n-- Roles\\nSELECT GRAPH_ID, ROLE_ID AS ID, ROLE_NAME AS NAME, DESCRIPTION,\\n       STATUS, MANAGED_SYS_ID, TYPE_ID\\nFROM {schema}ROLE\\n\\n-- Organizations\\nSELECT GRAPH_ID, COMPANY_ID AS ID, COMPANY_NAME AS NAME, DESCRIPTION, STATUS\\nFROM {schema}COMPANY\\n\\n-- Access Rights\\nSELECT ACCESS_RIGHT_ID AS ID, NAME FROM {schema}ACCESS_RIGHTS\\n\")), mdx(\"h4\", null, \"Membership (Edge) query\"), mdx(\"p\", null, \"All membership relationships are loaded in a single query \\u2014 a \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"UNION ALL\"), \" of 15 cross-reference tables wrapped in a subquery:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"SELECT MEMBER_ENTITY_ID, ENTITY_ID, MEMBERSHIP_ID, TYPE, START_DATE, END_DATE, EDGE_ID\\nFROM (\\n    SELECT ... FROM {schema}USER_ROLE            -- user \\u2192 role\\n    UNION ALL\\n    SELECT ... FROM {schema}USER_GRP             -- user \\u2192 group\\n    UNION ALL\\n    SELECT ... FROM {schema}USER_AFFILIATION     -- user \\u2192 organization\\n    UNION ALL\\n    SELECT ... FROM {schema}RESOURCE_USER        -- user \\u2192 resource\\n    UNION ALL\\n    SELECT ... FROM {schema}COMPANY_TO_COMPANY_MEMBERSHIP  -- org \\u2192 org\\n    UNION ALL\\n    SELECT ... FROM {schema}ROLE_ORG_MEMBERSHIP  -- org \\u2192 role\\n    UNION ALL\\n    SELECT ... FROM {schema}GROUP_ORGANIZATION   -- org \\u2192 group\\n    UNION ALL\\n    SELECT ... FROM {schema}RES_ORG_MEMBERSHIP   -- org \\u2192 resource\\n    UNION ALL\\n    SELECT ... FROM {schema}role_to_role_membership  -- role \\u2192 role\\n    UNION ALL\\n    SELECT ... FROM {schema}GRP_ROLE             -- role \\u2192 group\\n    UNION ALL\\n    SELECT ... FROM {schema}RESOURCE_ROLE        -- role \\u2192 resource\\n    UNION ALL\\n    SELECT ... FROM {schema}grp_to_grp_membership    -- group \\u2192 group\\n    UNION ALL\\n    SELECT ... FROM {schema}RESOURCE_GROUP       -- group \\u2192 resource\\n    UNION ALL\\n    SELECT ... FROM {schema}res_to_res_membership    -- resource \\u2192 resource\\n    UNION ALL\\n    SELECT ... FROM {schema}ORG_STRUCTURE        -- user \\u2192 user (hierarchy)\\n) OPTIMIZED_SUBQUERY\\n\")), mdx(\"p\", null, \"When a \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"date\"), \" parameter is provided (e.g., when only fetching recently changed memberships), each sub-select adds a date-range filter on \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"START_DATE\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"END_DATE\"), \".\"), mdx(\"h4\", null, \"Membership rights query\"), mdx(\"p\", null, \"Access rights attached to each membership edge are loaded separately \\u2014 another \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"UNION ALL\"), \" across 14 rights tables:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"SELECT MEMBERSHIP_ID, ACCESS_RIGHT_ID, '{Type}' AS TYPE\\nFROM {schema}USER_ROLE_MEMBERSHIP_RIGHTS\\nUNION ALL\\nSELECT MEMBERSHIP_ID, ACCESS_RIGHT_ID, '{Type}' AS TYPE\\nFROM {schema}USER_GRP_MEMBERSHIP_RIGHTS\\nUNION ALL\\n-- ... (USER_AFFILIATION_RIGHTS, USER_RES_MEMBERSHIP_RIGHTS,\\n--      ORG_TO_ORG_MEMBERSHIP_RIGHTS, ROLE_ORG_MEMBERSHIP_RIGHTS,\\n--      GRP_ORG_MEMBERSHIP_RIGHTS, RES_ORG_MEMBERSHIP_RIGHTS,\\n--      ROLE_ROLE_MEMBERSHIP_RIGHTS, GRP_ROLE_MEMBERSHIP_RIGHTS,\\n--      RES_ROLE_MEMBERSHIP_RIGHTS, GRP_GRP_MEMBERSHIP_RIGHTS,\\n--      RES_GRP_MEMBERSHIP_RIGHTS, RES_RES_MEMBERSHIP_RIGHTS)\\n\")), mdx(\"h4\", null, \"Summary of tables read\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Table\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Content\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"USERS\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All user accounts.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"RES\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All resources.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GRP\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All groups.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ROLE\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All roles.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"COMPANY\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All organizations.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ACCESS_RIGHTS\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All access right definitions.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"USER_ROLE\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"USER_GRP\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"USER_AFFILIATION\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"RESOURCE_USER\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"User memberships.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"COMPANY_TO_COMPANY_MEMBERSHIP\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ROLE_ORG_MEMBERSHIP\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GROUP_ORGANIZATION\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"RES_ORG_MEMBERSHIP\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Organization memberships.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"role_to_role_membership\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GRP_ROLE\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"RESOURCE_ROLE\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Role memberships.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"grp_to_grp_membership\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"RESOURCE_GROUP\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Group memberships.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"res_to_res_membership\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Resource hierarchy.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ORG_STRUCTURE\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"User\\u2013user hierarchy.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"*_MEMBERSHIP_RIGHTS\"), \" tables (\\xD714)\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Rights attached to each membership edge.\")))), mdx(\"hr\", null), mdx(\"h3\", null, \"EDGE_ID Lifecycle\"), mdx(\"p\", null, mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"EDGE_ID\"), \" is a column present on every membership xref table (e.g., \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"USER_ROLE\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GRP_ROLE\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"RESOURCE_USER\"), \", etc.) and on every membership rights table (e.g., \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"USER_ROLE_MEMBERSHIP_RIGHTS\"), \"). It stores the ID of the corresponding edge in JanusGraph, linking relational membership records to graph edges.\"), mdx(\"p\", null, \"When \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"addEdges()\"), \" creates an edge in JanusGraph via Gremlin, the traversal uses \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \".as(selectKey)\"), \" to label each created edge and then \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \".select(...)\"), \" to retrieve the resulting \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Edge\"), \" objects. The \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"edge.id().toString()\"), \" value returned by JanusGraph is the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"EDGE_ID\"), \" that gets written back to the relational DB.\"), mdx(\"p\", null, \"All writes go through \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"AuthManagerDAOImpl\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"auth-manager\"), \" module). Three SQL patterns are used:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"-- Membership with an access right attached\\nUPDATE {schema}{xref_rights_table} SET EDGE_ID = ? WHERE MEMBERSHIP_ID = ? AND ACCESS_RIGHT_ID = ?\\n\\n-- Membership with no access right\\nUPDATE {schema}{xref_table} SET EDGE_ID = ? WHERE MEMBERSHIP_ID = ?\\n\\n-- Nulling out a stale/expired EDGE_ID\\nUPDATE {schema}{xref_table}        SET EDGE_ID = NULL WHERE EDGE_ID = ?\\nUPDATE {schema}{xref_rights_table} SET EDGE_ID = NULL WHERE EDGE_ID = ?\\n\")), mdx(\"p\", null, \"The target table is resolved at runtime from an internal map keyed on \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"(parentVertexType, childVertexType)\"), \" \\u2014 e.g., \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"(USER, ROLE)\"), \" \\u2192 \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"USER_ROLE\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"USER_ROLE_MEMBERSHIP_RIGHTS\"), \".\"), mdx(\"p\", null, \"The \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"EDGE_ID\"), \" is written in the following cases.\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Event\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"What happens to EDGE_ID\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Full graph rebuild\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"sweep()\"), \")\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All edges recreated in JanusGraph; \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"EDGE_ID\"), \" written back in batches for every membership row via \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"authManagerDAO.updateEdges()\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"updateEdgesWithoutRights()\"), \".\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Single edge add/update\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GraphOperations.addEdges(SaveGraphEdgeRequest)\"), \")\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Old edge deleted from JanusGraph first, new edge created, new \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"EDGE_ID\"), \" written back; edge ID cache updated locally and broadcast to all nodes.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Expired edge removal\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"removeExpiredEdges()\"), \")\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Expired edges dropped from JanusGraph; corresponding \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"EDGE_ID\"), \" columns set to \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"NULL\"), \" via \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"authManagerDAO.nullOutEdges()\"), \".\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Data inconsistency fix\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"fixDataInconsistencies()\"), \")\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Queries memberships where \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"EDGE_ID IS NULL\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"isOnlyIncludeMembershipsNotInsertedIntoGraphDatabase = true\"), \"), creates the missing edges in JanusGraph, then writes the new \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"EDGE_ID\"), \" values back.\")))), mdx(\"p\", null, mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"fixDataInconsistencies()\"), \" runs on a schedule (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"org.openiam.authorization.manager.gremlin.fix.data.time.ms\"), \") in addition to being triggerable via the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"AMManagerAPI.FixDataInconsistencies\"), \" endpoint.\"), mdx(\"p\", null, \"After writing to the DB, the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"EDGE_ID \\u2192 ACCESS_RIGHT_ID\"), \" mapping is synced into a Redis cache and \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"local in-process cache\"), \" via \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"EdgeIdCacheSweeper\"), \". This cache is used during authorization checks to resolve edge rights without hitting the DB. The sweeper also runs on a fixed schedule (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"org.openiam.edge.id.threadsweep\"), \").\"), mdx(\"p\", null, \"The complete flow for a single-edge update:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"addEdges(SaveGraphEdgeRequest)\\n  \\u2502\\n  \\u251C\\u2500 deleteEdge(oldEdgeId)                        // remove stale edge from JanusGraph\\n  \\u251C\\u2500 createEdgeTraversal(...)                      // create new edge; Gremlin returns edge.id()\\n  \\u251C\\u2500 authManagerDAO.updateEdges(...)               // UPDATE {table} SET EDGE_ID=? WHERE MEMBERSHIP_ID=? AND ACCESS_RIGHT_ID=?\\n  \\u251C\\u2500 authManagerDAO.updateEdgesWithoutRights(...)  // UPDATE {table} SET EDGE_ID=? WHERE MEMBERSHIP_ID=?\\n  \\u251C\\u2500 edgeIdCache.refreshTemporaryCacheEntry(...)   // update local in-process cache\\n  \\u2514\\u2500 authManagerAdminMQService.refreshEdgeId(...)  // broadcast to other cluster nodes\\n\")), mdx(\"hr\", null), mdx(\"h3\", null, \"GRAPH_ID Lifecycle\"), mdx(\"p\", null, mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GRAPH_ID\"), \" is a column on every entity table (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"USERS\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GRP\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"ROLE\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"COMPANY\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"RES\"), \"). It stores the JanusGraph vertex ID for that entity, linking each relational row to its vertex in the graph.\"), mdx(\"blockquote\", null, mdx(\"p\", {\n    parentName: \"blockquote\"\n  }, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"JPA note:\"), \" The \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"graphId\"), \" field on all entity classes (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"UserEntity\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GroupEntity\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"RoleEntity\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"OrganizationEntity\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"ResourceEntity\"), \") is mapped with \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"insertable = false, updatable = false\"), \". JPA never writes this column \\u2014 all writes go through direct JDBC in \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"AuthManagerDAOImpl\"), \".\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Write-back SQL\"), \" looks like the following.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"-- Users\\nUPDATE {schema}USERS   SET GRAPH_ID = ? WHERE USER_ID = ?\\n\\n-- Groups\\nUPDATE {schema}GRP     SET GRAPH_ID = ? WHERE GRP_ID = ?\\n\\n-- Roles (only for roles not excluded from auth)\\nUPDATE {schema}ROLE    SET GRAPH_ID = ? WHERE ROLE_ID = ? AND EXCLUDE_FROM_AUTH = 'N'\\n\\n-- Organizations\\nUPDATE {schema}COMPANY SET GRAPH_ID = ? WHERE COMPANY_ID = ?\\n\\n-- Resources\\nUPDATE {schema}RES     SET GRAPH_ID = ? WHERE RESOURCE_ID = ?\\n\")), mdx(\"p\", null, \"The target table and primary-key column are resolved from a map keyed on \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"VertexType\"), \" (USER, GROUP, ROLE, ORGANIZATION, RESOURCE).\"), mdx(\"p\", null, \"The \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GRAPH_ID\"), \" is written in the following cases.\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Event\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"What happens to GRAPH_ID\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Full graph rebuild\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"sweep()\"), \")\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"All entities inserted as vertices into JanusGraph; \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"vertex.id().toString()\"), \" written back in batches via \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"authManagerDAO.updateGraphId(type, List<Tuple>)\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Data inconsistency fix\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"fixDataInconsistencies()\"), \")\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Same batch path \\u2014 called for entities found to be missing from the graph\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"New entity created at runtime\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GraphOperations.addVertex()\"), \")\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Checks \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"graphIdProvider.contains(type, entityId)\"), \" first; if absent, creates a single vertex and writes its ID back via \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"authManagerDAO.updateGraphId(type, id, graphId)\"), \" in a transaction\")))), mdx(\"p\", null, \"The single-entity path (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"addVertex\"), \") is the normal path when a new user, group, role, org, or resource is provisioned through the application \\u2014 no full rebuild is needed.\"), mdx(\"p\", null, \"During a \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"full rebuild\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"buildVertex2OpeniamGraphTuple()\"), \" calls \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"addObjectsToGraph()\"), \" for each entity type. \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"addObjectsToGraph()\"), \" batches entities (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"graphBatchSize\"), \"), sends them to JanusGraph via Gremlin, reads back the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Vertex\"), \" objects, and returns \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"List<Tuple<openiamId, vertex.id()>>\"), \". Those tuples are then persisted back in RDBMS batches.\"), mdx(\"p\", null, \"After writing, \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GraphIdCacheSweeper.forceSweep()\"), \" is called. It:\"), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Reads all current \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"GRAPH_ID\"), \" values from every entity table into a \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"Map<VertexType, Map<openiamId, graphId>>\"), \".\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Stores the maps in Redis (one key per \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"VertexType\"), \").\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Refreshes the local in-process Guava cache (\", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"AbstractGraphIdProvider.sweep()\"), \").\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Broadcasts \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"refreshGraphIdCache\"), \" to all cluster nodes via RabbitMQ so every instance updates its local copy.\")), mdx(\"p\", null, \"The local cache has a 10-minute write TTL and also a scheduled periodic sync (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"org.openiam.graph.id.threadsweep\"), \"). For new single entities, \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"graphIdProvider.refreshTemporaryCacheEntry()\"), \" updates the local cache immediately without waiting for the next sweep.\"), mdx(\"p\", null, \"The complete flow for a single new entity:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"GraphOperations.addVertex(type, entity, properties)\\n  \\u2502\\n  \\u251C\\u2500 graphIdProvider.contains(type, id)?  \\u2192  skip if already exists\\n  \\u251C\\u2500 graphSource.addV(type).property(...).next()  \\u2192  vertex.id() is the new GRAPH_ID\\n  \\u251C\\u2500 authManagerDAO.updateGraphId(type, entityId, graphId)\\n  \\u2502     UPDATE {schema}{table} SET GRAPH_ID=? WHERE {pk}=?\\n  \\u251C\\u2500 graphIdProvider.refreshTemporaryCacheEntry(type, id, graphId)  \\u2192  local Guava cache\\n  \\u251C\\u2500 entitlementsObjectCache.addCacheEntry(entity)\\n  \\u2514\\u2500 authManagerAdminMQService.refreshGraphId(entity)\\n         \\u2192 broadcasts to all nodes via RabbitMQ\\n         \\u2192 each node: AMCacheQueueListener \\u2192 graphIdProvider.refreshTemporaryCacheEntry()\\n\")), mdx(\"p\", null, mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GRAPH_ID\"), \" is treated as a \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"String\"), \" in the DB in all cases. The type conversion (e.g. \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Long\"), \" for JanusGraph, \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"String\"), \" for Neptune / CosmosDB) is handled by the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GraphIdProvider\"), \" implementation at query time, not at write time.\"), mdx(\"hr\", null), mdx(\"h3\", null, \"Key classes\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Class\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Module\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Role\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AuthManagerRestController\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"openiam-esb\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"REST endpoint.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AuthManagerMQServiceImpl\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"openiam-mq-services\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Sends RabbitMQ message.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AMManagerQueueListener\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"auth-manager\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"RabbitMQ consumer; routes to service.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AuthorizationManagerServiceImpl\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"auth-manager\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Orchestrates the rebuild; startup empty-graph check.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AuthorizationManagerDataProvider\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"auth-manager\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Fetches data model from DB.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"JdbcMembershipDAO\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"openiam-common-boot-module\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Executes all entity + membership SQL queries.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"JDBCAccessRightDAO\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"openiam-common-boot-module\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Fetches access right definitions.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GraphOperations\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"auth-manager\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Low-level JanusGraph operations.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GraphIdCacheSweeper\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"auth-manager\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Refreshes graph-ID cache.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"EdgeIdCacheSweeper\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"auth-manager\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Refreshes edge-ID cache.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AMManagerAPI\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"openiam-common-intf\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Enum of AM API names.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AMManagerQueue\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AMQueue\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"openiam-common-intf\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"RabbitMQ queue/exchange config.\")))), mdx(\"hr\", null), mdx(\"h3\", null, \"Caches cleared during rebuild\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Cache\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Type\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Cleared by\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Remote entitlements cache\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Redis (prefix \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"REMOTE_ENTITLEMENTS_CACHE_KEY_PREFIX*\"), \")\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"rebuildGraph()\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Local entitlements cache\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Guava/Caffeine in-process\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"localEntitlementsCache.invalidateAll()\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Graph ID cache\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"In-process / distributed\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GraphIdCacheSweeper.forceSweep()\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Entitlements objects cache\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"In-process / distributed\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"EntitlementsObjectsCacheSweeper.forceSweep()\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Edge ID cache\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"In-process / distributed\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"EdgeIdCacheSweeper.forceSweep()\"))))), mdx(\"hr\", null), mdx(\"h3\", null, \"Graph technology\"), mdx(\"p\", null, \"The authorization graph is stored in \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"JanusGraph\"), \" (accessed via Gremlin traversal API \\u2014 \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"graphSource.V()\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \".drop()\"), \", etc.). \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GraphOperations.deleteAllIndicies()\"), \" iterates and drops vertices in batches of 100 until the graph is empty.\"), mdx(\"hr\", null), mdx(\"h3\", null, \"Thread safety\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"rebuildGraph()\"), \" uses a \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"synchronized\"), \" block on \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"localEntitlementsCacheLock\"), \" to serialize local cache operations.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"sweep()\"), \" uses a \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Redis distributed lock\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"redissonClient.getLock(GRAPH_BUILDER_LOCK_NAME)\"), \") to serialize the graph rebuild across all service instances in a cluster.\")));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#for-end-users--system-administrators","title":"For end-users / System administrators","items":[{"url":"#how-to-trigger","title":"How to trigger?"},{"url":"#expected-behavior","title":"Expected behavior"},{"url":"#monitoring-progress","title":"Monitoring progress"}]},{"url":"#for-developers","title":"For Developers","items":[{"url":"#rest-entry-point","title":"REST Entry Point"},{"url":"#full-call-chain","title":"Full call chain"},{"url":"#graph-rebuild-detail","title":"Graph rebuild detail","items":[{"url":"#error-handling","title":"Error Handling"}]},{"url":"#startup-behavior","title":"Startup behavior"},{"url":"#sql-queries-used-during-rebuild","title":"SQL queries used during rebuild","items":[{"url":"#entity-queries","title":"Entity queries"},{"url":"#membership-edge-query","title":"Membership (Edge) query"},{"url":"#membership-rights-query","title":"Membership rights query"},{"url":"#summary-of-tables-read","title":"Summary of tables read"}]},{"url":"#edge_id-lifecycle","title":"EDGE_ID Lifecycle"},{"url":"#graph_id-lifecycle","title":"GRAPH_ID Lifecycle"},{"url":"#key-classes","title":"Key classes"},{"url":"#caches-cleared-during-rebuild","title":"Caches cleared during rebuild"},{"url":"#graph-technology","title":"Graph technology"},{"url":"#thread-safety","title":"Thread safety"}]}]},"parent":{"relativePath":"admin/21-graph-rebuild.md"},"frontmatter":{"metaTitle":"Rebuilding OpenIAM's in-memory authorization graph","metaDescription":"The document gives a step-by-step instructions for rebuilding OpenIAM's in-memory authorization graph"}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password policy"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/changelog/23-v2026.5.2","title":"Changelog for v2026.5.2"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/developerguide/11-groovy-scripts","title":"Groovy Script Management"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access rights"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.2","title":"New in v2026.5.2"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/23-v2026.6.1","title":"New in v2026.6.1"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import Organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application categories"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/11-campaign-dashboard","title":"Campaign dashboard"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/12-campaign-preview","title":"Campaign preview"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-bulk-approval","title":"Allow bulk approval"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/thesaurus","title":"Access Certification Thesaurus"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - ui-theme"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/13-workflowsoverview","title":"Workflows Overview"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/13-image-migration-guide","title":"Image migration script"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your installation"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ  connection timeout issue"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time Provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 2026.6.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.5.2","title":"Upgrading notes for v.2026.5.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.6.1","title":"Upgrading notes for v.2026.6.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/7-upg-notes20206.5.2","title":"Upgrading notes for v.2026.5.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/8-upg-notes2026.6.1","title":"Upgrading notes for v.2026.6.1 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"f9d673c1-644b-53f8-88af-3c38aa49ef98"}},
    "staticQueryHashes": ["2619113677","3706406642","417421954"]}